Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2023 Exécuté par patrick (administrateur) sur DESKTOP-2NPGTSS (LENOVO 80LT) (21-07-2023 14:10:15) Exécuté depuis C:\Users\patrick\Desktop\FRST64.exe Profils chargés: patrick Plate-forme: Microsoft Windows 11 Professionnel Insider Preview Version 23H2 25905.1000 (X64) Langue: Français (France) Navigateur par défaut: FF Mode d'amorçage: Normal ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) (C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe ->) (Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe (C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_523.17400.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.82\msedgewebview2.exe <6> (explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3> (explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12> (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2> (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23060.1012-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23060.1012-0\NisSrv.exe (svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_523.17400.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe ==================== Registre (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\Software\Policies\...\system: [DisableAcrylicBackgroundOnLogon] 1 HKU\S-1-5-21-1330335189-3289774998-2876471418-1000\...\Run: [MicrosoftEdgeAutoLaunch_3154D86BB033AAEA9477A77EC225BA40] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4113856 2023-07-13] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1330335189-3289774998-2876471418-1002\...\Run: [MicrosoftEdgeAutoLaunch_E659F5BFDCFB836B4EA731A4A853C428] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4113856 2023-07-13] (Microsoft Corporation -> Microsoft Corporation) ==================== Tâches planifiées (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) Task: {9EAD6FAF-861C-4422-8948-FCB4A5795A88} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [4933952 2023-07-08] (Microsoft Windows -> Microsoft Corporation) Task: {90961E1F-D59E-4D0E-9444-5363F85A251B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.) Task: {07C8D1C4-4EB6-4FCF-9D84-D285E2D6FE88} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [102400 2023-07-08] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService Task: {FBD422E4-7229-452B-9A09-E73870453C20} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [106496 2023-07-08] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {A67475CE-37F0-45EB-BD0F-F29169EE6DDB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\16e8bb80-3fe0-4420-bb62-423eb57eb7e1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.) Task: {0484AFA9-2C88-4DFC-93D6-E5A4312379BA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4cadf73b-45fe-4b25-90a4-dd2d212c6bb3 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.) Task: {B5A71B00-AE7C-48DF-ADC2-8D131377FD7A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a24dd72c-79ea-451e-8c1c-ace05bbfcddf => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.) Task: {5FC8A017-6614-4DD6-AE46-E01BA9B9B8B8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\cf4f8c8a-0c1f-48d2-abe8-f3f3c6893780 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.) Task: {40B74FB3-312E-4234-995F-E9D683256498} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc Task: {40B74FB3-312E-4234-995F-E9D683256498} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun Task: {40B74FB3-312E-4234-995F-E9D683256498} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData Task: {F19D7BFE-ADAB-4A75-B6B7-4595BA3E21D5} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\WINDOWS\system32\UCPDMgr.exe [58880 2023-07-08] (Microsoft Windows -> Microsoft Corporation) Task: {E5CE5B1B-5228-4319-8F0F-53D187963F46} - System32\Tasks\Microsoft\Windows\Containers\CmCleanup => {F50E9363-6BC8-4DC5-8CAB-7D9F8C1B81B4} Task: {FFFBDFF9-03E4-42F4-98FC-D27C6FA54DF1} - System32\Tasks\Microsoft\Windows\Management\Connectivity\ESIMPM => C:\WINDOWS\system32\esimpm.exe [495616 2023-07-08] (Microsoft Windows -> ) Task: {64FC196F-8C54-4CD9-A5F9-51A72E8E70FD} - System32\Tasks\Microsoft\Windows\ReFsDedupSvc\Initialization => {DCFF735B-64F7-45F3-B39C-6C66BBE2120F} Task: {9392B30A-A21F-482B-932A-184ABECA9FC6} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => {7750564D-D61C-4557-8A9D-7DF56BDCFF96} Task: {8FD51411-BEE9-42D4-A65D-50F6D81051E3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Pas de fichier) Task: {A1F22EE2-DEC0-4844-9464-C5D4E64893D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23060.1012-0\MpCmdRun.exe [1592128 2023-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {8FB6D7A6-C94F-456B-ABB5-B56CD4E4A325} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23060.1012-0\MpCmdRun.exe [1592128 2023-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {9085287D-DEAB-4CFA-9567-FC038504576A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23060.1012-0\MpCmdRun.exe [1592128 2023-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {670947FF-43A0-4E88-AEB0-3D6DBD0D38AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23060.1012-0\MpCmdRun.exe [1592128 2023-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E3E8A36A-884B-4742-94DC-563AB3BA3835} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [139040 2023-07-08] (Microsoft Windows -> Microsoft Corporation) Task: {115808FD-6E3A-4501-BBB2-797F3E565C7E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-07-12] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {38565688-6442-4A92-B293-17FA0D6E612E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2023-07-12] (Mozilla Corporation -> Mozilla Foundation) (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.) ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{58ec27d2-c659-44ff-8046-3755d5223d6f}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{c0342ce9-5554-4baf-a175-8d8f4b4c2784}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\patrick\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-19] Edge Extension: (Edge relevant text changes) - C:\Users\patrick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-30] FireFox: ======== FF DefaultProfile: lphh24a8.default FF ProfilePath: C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\lphh24a8.default [2023-04-14] FF ProfilePath: C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\uphee94t.default-release [2023-07-21] FF DownloadDir: C:\Users\patrick\Desktop FF Extension: (AdGuard AdBlocker) - C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\uphee94t.default-release\Extensions\adguardadblocker@adguard.com.xpi [2023-07-21] FF Extension: (Ghostery – Bloqueur de publicité protégeant la vie privée) - C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\uphee94t.default-release\Extensions\firefox@ghostery.com.xpi [2023-06-13] FF Extension: (uBlock Origin) - C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\uphee94t.default-release\Extensions\uBlock0@raymondhill.net.xpi [2023-06-13] FF Extension: (ImTranslator: Traducteur, Dictionnaire, Voix) - C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\uphee94t.default-release\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2023-07-13] ==================== Services (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) S3 CloudBackupRestoreSvc; C:\WINDOWS\System32\CloudRestoreLauncher.dll [1064960 2023-07-08] (Microsoft Windows -> Microsoft Corporation) R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.) S3 refsdedupsvc; C:\WINDOWS\System32\ReFsDedupSvc.exe [2027520 2023-07-08] (Microsoft Windows -> Microsoft Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [421832 2023-07-08] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23060.1012-0\NisSrv.exe [3058992 2023-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23060.1012-0\MsMpEng.exe [133536 2023-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Pilotes (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R3 CDD; C:\WINDOWS\System32\cdd.dll [319488 2023-07-08] (Microsoft Windows -> Microsoft Corporation) S3 devmap; C:\WINDOWS\System32\DriverStore\FileRepository\devmap.inf_amd64_93056a03a2b2cadf\devmap.sys [36864 2023-07-08] (Microsoft Windows -> ) S3 DisplayMux; C:\WINDOWS\System32\drivers\DisplayMux.sys [57344 2023-07-08] (Microsoft Windows -> Microsoft Corporation) S3 I3CHost; C:\WINDOWS\System32\DriverStore\FileRepository\i3chost.inf_amd64_1b70f335a5805067\I3CHost.sys [61728 2023-07-08] (Microsoft Windows -> Microsoft Corporation) S3 kdnic_legacy; C:\WINDOWS\System32\drivers\kdnic_legacy.sys [65824 2023-07-08] (Microsoft Windows -> Microsoft Corporation) S2 NetworkPrivacyPolicy; C:\WINDOWS\System32\DriverStore\FileRepository\networkprivacypolicy.inf_amd64_c5c913661643bbe5\NetworkPrivacyPolicy.sys [73728 2023-07-08] (Microsoft Windows -> ) R3 RSP2STOR; C:\WINDOWS\System32\drivers\RtsP2Stor.sys [347224 2020-05-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) R3 SNP2UVC; C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [3481696 2015-06-24] (Sonix Technology CO., LTD -> Sonix Co. Ltd.) S4 UCPD; C:\WINDOWS\System32\drivers\UCPD.sys [29184 2023-07-08] (Microsoft Windows -> Microsoft Corporation) R1 Uio; C:\WINDOWS\System32\DriverStore\FileRepository\uio.inf_amd64_22ed683092fd7a0c\Uio.sys [53248 2023-07-08] (Microsoft Windows -> ) S3 UmPass; C:\WINDOWS\System32\DriverStore\FileRepository\umpass.inf_amd64_90d058b348085cab\umpass.sys [53248 2023-07-08] (Microsoft Windows -> Microsoft Corporation) R2 UnionFS; C:\WINDOWS\system32\drivers\UnionFS.sys [426272 2023-07-08] (Microsoft Windows -> Microsoft Corporation) R3 vwifibus; C:\WINDOWS\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_55698b9042bc5f89\vwifibus.sys [65536 2023-07-08] (Microsoft Windows -> Microsoft Corporation) R3 vwifimp; C:\WINDOWS\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_a0fa1f18ebde01de\vwifimp.sys [86016 2023-07-08] (Microsoft Windows -> Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55752 2023-07-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [216344 2023-07-08] (Microsoft Windows -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [576792 2023-07-13] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [104728 2023-07-13] (Microsoft Windows -> Microsoft Corporation) S3 WinAccelCx0101; C:\WINDOWS\System32\drivers\WinAccelCx.sys [123168 2023-07-08] (Microsoft Windows -> Microsoft Corporation) S3 WSDPrintDevice; C:\WINDOWS\System32\DriverStore\FileRepository\wsdprint.inf_amd64_c9a16057a407466d\WSDPrint.sys [57344 2023-07-08] (Microsoft Windows -> Microsoft Corporation) S3 ZTDNS; C:\WINDOWS\System32\drivers\ztdns.sys [90400 2023-07-08] (Microsoft Windows -> Microsoft Corporation) S0 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X] ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Trois mois (créés) (Avec liste blanche) ========= (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2023-07-21 14:10 - 2023-07-21 14:11 - 000017226 _____ C:\Users\patrick\Desktop\FRST.txt 2023-07-21 14:09 - 2023-07-21 14:10 - 000000000 ____D C:\FRST 2023-07-21 14:08 - 2023-07-21 14:08 - 002384384 _____ (Farbar) C:\Users\patrick\Desktop\FRST64.exe 2023-07-21 14:06 - 2023-07-21 14:06 - 000220802 _____ C:\Users\patrick\Desktop\ZHPDiag.txt 2023-07-21 13:53 - 2023-07-21 14:06 - 000000000 ____D C:\Users\patrick\AppData\Roaming\ZHP 2023-07-21 13:53 - 2023-07-21 13:59 - 000000867 _____ C:\Users\patrick\Desktop\ZHPSuite.lnk 2023-07-21 13:53 - 2023-07-21 13:53 - 000000000 ____D C:\Users\patrick\AppData\Local\ZHP 2023-07-21 13:52 - 2023-07-21 13:52 - 003511456 _____ (Nicolas Coolman) C:\Users\patrick\Desktop\ZHPSuite.exe 2023-07-16 16:25 - 2023-07-16 16:25 - 000753982 _____ C:\WINDOWS\system32\perfh00C.dat 2023-07-16 16:25 - 2023-07-16 16:25 - 000150312 _____ C:\WINDOWS\system32\perfc00C.dat 2023-07-16 14:02 - 2023-07-17 11:38 - 000001384 _____ C:\Users\patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2023-07-16 11:27 - 2023-07-17 11:38 - 000001278 _____ C:\Users\patrick\Desktop\ESET Online Scanner.lnk 2023-07-16 11:27 - 2023-07-16 11:27 - 000000000 ____D C:\Users\patrick\AppData\Local\ESET 2023-07-13 18:53 - 2023-07-13 18:10 - 000000000 ____D C:\Windows.old 2023-07-13 18:48 - 2023-07-13 18:54 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2023-07-13 18:46 - 2023-07-13 18:48 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2023-07-13 18:46 - 2023-07-13 18:46 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2023-07-13 18:43 - 2023-07-13 18:43 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp 2023-07-13 18:43 - 2023-07-13 18:43 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2023-07-13 18:43 - 2023-07-13 18:43 - 000000000 ____D C:\WINDOWS\addins 2023-07-13 18:33 - 2023-07-13 18:33 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2023-07-13 18:30 - 2023-07-13 18:30 - 000000020 ___SH C:\Users\patrick\ntuser.ini 2023-07-13 18:09 - 2023-07-16 16:25 - 001682410 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2023-07-13 18:09 - 2023-07-16 14:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2023-07-13 18:09 - 2023-07-13 18:09 - 000003694 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{8303B450-ECD2-44A9-A419-753C99C10EEE} 2023-07-13 18:09 - 2023-07-13 18:09 - 000003470 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{815D9E11-C34F-4F16-BB12-7786D29CEF63} 2023-07-13 18:09 - 2023-07-13 18:09 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask 2023-07-13 18:09 - 2023-07-13 18:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2023-07-13 18:09 - 2023-07-13 18:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo 2023-07-13 18:09 - 2023-07-13 18:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime 2023-07-13 18:08 - 2023-07-13 18:09 - 000017148 _____ C:\WINDOWS\diagwrn.xml 2023-07-13 18:08 - 2023-07-13 18:09 - 000017148 _____ C:\WINDOWS\diagerr.xml 2023-07-13 18:08 - 2023-07-13 18:08 - 000000000 ____D C:\WINDOWS\Minidump 2023-07-13 18:08 - 2023-07-13 18:08 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network 2023-07-13 18:07 - 2023-07-16 14:07 - 000000292 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 2023-07-13 18:07 - 2023-07-13 18:07 - 000000000 ____D C:\Users\patrick\AppData\Roaming\Microsoft\SystemCertificates 2023-07-13 18:07 - 2023-07-13 18:07 - 000000000 ____D C:\Users\patrick\AppData\Roaming\Microsoft\Network 2023-07-13 18:07 - 2023-07-13 18:07 - 000000000 ____D C:\Users\patrick\AppData\Roaming\Microsoft\Crypto 2023-07-13 18:07 - 2023-07-13 18:07 - 000000000 ____D C:\Users\patri\AppData\Roaming\Microsoft\SystemCertificates 2023-07-13 18:07 - 2023-07-13 18:07 - 000000000 ____D C:\Users\patri\AppData\Roaming\Microsoft\Network 2023-07-13 18:07 - 2023-07-13 18:07 - 000000000 ____D C:\Users\patri\AppData\Roaming\Microsoft\Crypto 2023-07-13 18:02 - 2023-07-13 18:30 - 000000000 ____D C:\Users\patrick\AppData\Roaming\Microsoft\Windows 2023-07-13 18:02 - 2023-07-13 18:30 - 000000000 ____D C:\Users\patrick 2023-07-13 18:02 - 2023-07-13 18:07 - 000000000 ____D C:\Users\patri\AppData\Roaming\Microsoft\Windows 2023-07-13 18:02 - 2023-07-13 18:07 - 000000000 ____D C:\Users\patri 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patrick\Voisinage réseau 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patrick\Voisinage d'impression 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patrick\Modèles 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patrick\Mes documents 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patrick\Menu Démarrer 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patrick\AppData\Local\Historique 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patri\Voisinage réseau 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patri\Voisinage d'impression 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patri\Modèles 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patri\Mes documents 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patri\Menu Démarrer 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patri\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 _SHDL C:\Users\patri\AppData\Local\Historique 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 ____D C:\Users\patrick\AppData\Roaming\Microsoft\Spelling 2023-07-13 18:02 - 2023-07-13 18:02 - 000000000 ____D C:\Users\patri\AppData\Roaming\Microsoft\Spelling 2023-07-13 17:59 - 2023-07-16 13:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2023-07-13 17:59 - 2023-07-13 17:59 - 000297464 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2023-07-13 16:13 - 2023-07-13 18:10 - 000000000 ___DC C:\WINDOWS\Panther 2023-07-12 16:13 - 2023-07-12 20:39 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-07-08 18:05 - 2023-07-13 18:45 - 000000000 ____D C:\WINDOWS\Containers 2023-07-08 18:05 - 2023-07-13 18:40 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2023-07-08 18:05 - 2023-07-13 18:40 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2023-07-08 18:05 - 2023-07-13 18:40 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2023-07-08 18:05 - 2023-07-08 18:05 - 000000000 ___SD C:\WINDOWS\system32\AppV 2023-07-08 18:05 - 2023-07-08 18:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde 2023-07-08 18:05 - 2023-07-08 18:05 - 000000000 ____D C:\WINDOWS\RemotePackages 2023-07-08 18:05 - 2023-07-08 18:05 - 000000000 ____D C:\WINDOWS\InboxApps 2023-07-08 18:05 - 2023-07-08 18:05 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices 2023-07-08 18:04 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync 2023-07-08 18:04 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2023-07-08 18:04 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync 2023-07-08 18:04 - 2023-07-08 18:04 - 000000000 ____D C:\ProgramData\ssh 2023-07-08 18:03 - 2023-07-13 18:40 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2023-07-08 18:03 - 2023-07-13 18:40 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2023-07-08 18:03 - 2023-07-13 18:40 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2023-07-08 18:03 - 2023-07-13 18:40 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2023-07-08 18:03 - 2023-07-13 18:40 - 000000000 ____D C:\WINDOWS\system32\winrm 2023-07-08 18:03 - 2023-07-13 18:40 - 000000000 ____D C:\WINDOWS\system32\WCN 2023-07-08 18:03 - 2023-07-13 18:40 - 000000000 ____D C:\WINDOWS\system32\slmgr 2023-07-08 18:03 - 2023-07-13 18:40 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2023-07-08 18:03 - 2023-07-08 18:05 - 000000000 ____D C:\WINDOWS\system32\fr 2023-07-08 18:03 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep 2023-07-08 18:03 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\SysWOW64\fr 2023-07-08 18:03 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\SysWOW64\0409 2023-07-08 18:03 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\system32\0409 2023-07-08 18:03 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\DigitalLocker 2023-07-08 12:38 - 2023-07-08 12:38 - 000000000 _SHDL C:\Users\Default User 2023-07-08 12:38 - 2023-07-08 12:38 - 000000000 _SHDL C:\Users\All Users 2023-07-08 12:31 - 2023-07-13 18:51 - 000000000 ____D C:\WINDOWS\Setup 2023-07-08 12:27 - 2023-07-21 14:01 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-07-08 12:27 - 2023-07-21 13:48 - 000000000 ____D C:\WINDOWS\SystemTemp 2023-07-08 12:27 - 2023-07-20 13:30 - 000000000 ____D C:\WINDOWS\AppReadiness 2023-07-08 12:27 - 2023-07-20 13:17 - 000000000 ___HD C:\Program Files\WindowsApps 2023-07-08 12:27 - 2023-07-16 14:09 - 000000000 ____D C:\WINDOWS\system32\AppLocker 2023-07-08 12:27 - 2023-07-16 14:07 - 000000000 ____D C:\WINDOWS\ServiceState 2023-07-08 12:27 - 2023-07-16 09:36 - 000000000 ____D C:\WINDOWS\appcompat 2023-07-08 12:27 - 2023-07-13 18:54 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2023-07-08 12:27 - 2023-07-13 18:54 - 000000000 ___RD C:\Program Files (x86) 2023-07-08 12:27 - 2023-07-13 18:54 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2023-07-08 12:27 - 2023-07-13 18:54 - 000000000 ____D C:\WINDOWS\system32\spool 2023-07-08 12:27 - 2023-07-13 18:54 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth 2023-07-08 12:27 - 2023-07-13 18:54 - 000000000 ____D C:\WINDOWS\system32\oobe 2023-07-08 12:27 - 2023-07-13 18:54 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2023-07-08 12:27 - 2023-07-13 18:50 - 000000000 __RHD C:\Users\Public\Libraries 2023-07-08 12:27 - 2023-07-13 18:48 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod 2023-07-08 12:27 - 2023-07-13 18:48 - 000000000 ____D C:\WINDOWS\SysWOW64\IME 2023-07-08 12:27 - 2023-07-13 18:46 - 000000000 ____D C:\ProgramData\USOPrivate 2023-07-08 12:27 - 2023-07-13 18:43 - 000000000 ____D C:\WINDOWS\system32\setup 2023-07-08 12:27 - 2023-07-13 18:40 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2023-07-08 12:27 - 2023-07-13 18:40 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2023-07-08 12:27 - 2023-07-13 18:40 - 000000000 ___SD C:\WINDOWS\system32\F12 2023-07-08 12:27 - 2023-07-13 18:40 - 000000000 ___SD C:\WINDOWS\system32\dsc 2023-07-08 12:27 - 2023-07-13 18:40 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2023-07-08 12:27 - 2023-07-13 18:40 - 000000000 ___RD C:\Program Files (x86)\Windows Defender 2023-07-08 12:27 - 2023-07-13 18:40 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2023-07-08 12:27 - 2023-07-13 18:40 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2023-07-08 12:27 - 2023-07-13 18:40 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2023-07-08 12:27 - 2023-07-13 18:40 - 000000000 ____D C:\WINDOWS\system32\migwiz 2023-07-08 12:27 - 2023-07-13 18:22 - 000000000 ____D C:\WINDOWS\OCR 2023-07-08 12:27 - 2023-07-13 18:10 - 000000000 ____D C:\Program Files\Windows NT 2023-07-08 12:27 - 2023-07-13 18:09 - 000000000 ___RD C:\Program Files\Windows Defender 2023-07-08 12:27 - 2023-07-13 18:08 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows 2023-07-08 12:27 - 2023-07-13 18:04 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2023-07-08 12:27 - 2023-07-13 18:01 - 000000000 ____D C:\WINDOWS\system32\config\TxR 2023-07-08 12:27 - 2023-07-13 17:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData 2023-07-08 12:27 - 2023-07-08 18:05 - 000000000 ____D C:\WINDOWS\SystemResources 2023-07-08 12:27 - 2023-07-08 18:05 - 000000000 ____D C:\WINDOWS\SystemApps 2023-07-08 12:27 - 2023-07-08 18:05 - 000000000 ____D C:\WINDOWS\system32\qps-plocm 2023-07-08 12:27 - 2023-07-08 18:05 - 000000000 ____D C:\WINDOWS\system32\qps-ploc 2023-07-08 12:27 - 2023-07-08 18:05 - 000000000 ____D C:\WINDOWS\ShellComponents 2023-07-08 12:27 - 2023-07-08 18:05 - 000000000 ____D C:\WINDOWS\security 2023-07-08 12:27 - 2023-07-08 18:05 - 000000000 ____D C:\WINDOWS\schemas 2023-07-08 12:27 - 2023-07-08 18:05 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-plocm 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-ploc 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\vi-VN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\ur-PK 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\ug-CN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\tt-RU 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\te-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\ta-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\sq-AL 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\quz-PE 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\pa-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\or-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\nn-NO 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\ne-NP 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\mt-MT 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\mr-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\ml-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\mk-MK 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\mi-NZ 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\lo-LA 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\lb-LU 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\kok-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\kn-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\km-KH 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\kk-KZ 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\ka-GE 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\is-IS 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\id-ID 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\hy-AM 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\hi-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\gu-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\gl-ES 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\gd-GB 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\ga-IE 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\fil-PH 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\fa-IR 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\eu-ES 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\cy-GB 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\ca-ES 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\bn-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\be-BY 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\as-IN 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\am-ET 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\system32\af-ZA 2023-07-08 12:27 - 2023-07-08 18:04 - 000000000 ____D C:\WINDOWS\Globalization 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\system32\MUI 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\system32\Dism 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\system32\Com 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\IME 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\Help 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\WINDOWS\BrowserCore 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\Program Files\Common Files\System 2023-07-08 12:27 - 2023-07-08 18:03 - 000000000 ____D C:\Program Files (x86)\Windows NT 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 __SHD C:\Program Files\Windows Sidebar 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 __RSD C:\WINDOWS\Media 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ___SD C:\WINDOWS\system32\Configuration 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\Web 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\system32\winevt 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\system32\ras 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\system32\PointOfService 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\system32\Pbr 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\SKB 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\Resources 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\Registration 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\Provisioning 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\PLA 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\InputMethod 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\IdentityCRL 2023-07-08 12:27 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\DiagTrack 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ___SD C:\WINDOWS\SysWOW64\lxss 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ___SD C:\WINDOWS\system32\UNP 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ___SD C:\WINDOWS\system32\Nui 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ___SD C:\WINDOWS\system32\lxss 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ___RD C:\WINDOWS\Offline Web Pages 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\WUModels 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\WaaS 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\Vss 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\UUS 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\tracing 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\TAPI 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\ShellExperiences 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\ras 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\DDFs 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\WebThreatDefSvc 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\ProximityToast 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\NDF 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\Keywords 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\Ipmi 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\InputMethod 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\inetsrv 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\IME 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\icsxml 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\ias 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\DriverState 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\downlevel 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\DDFs 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\config\RegBack 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\config\Journal 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\Bthprops 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\appraiser 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\System 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\ShellExperiences 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\SchCache 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\rescache 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\Performance 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\ModemLogs 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\L2Schemas 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\Cursors 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\Branding 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\WINDOWS\bcastdvr 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Spelling 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\ProgramData\USOShared 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\Program Files\ModifiableWindowsApps 2023-07-08 12:27 - 2023-07-08 12:27 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2023-07-08 12:27 - 2023-07-08 12:25 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config 2023-07-08 12:27 - 2023-07-08 12:25 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config 2023-07-08 12:27 - 2023-07-08 12:25 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json 2023-07-08 12:25 - 2023-07-16 16:25 - 000000000 ____D C:\WINDOWS\INF 2023-07-08 12:23 - 2023-07-08 12:23 - 000089761 _____ C:\WINDOWS\system32\DiskSnapshot.conf 2023-07-08 12:23 - 2023-07-08 12:23 - 000052009 _____ C:\WINDOWS\SysWOW64\ctac.json 2023-07-08 12:23 - 2023-07-08 12:23 - 000052009 _____ C:\WINDOWS\system32\ctac.json 2023-07-08 12:23 - 2023-07-08 12:23 - 000049152 _____ (Microsoft) C:\WINDOWS\system32\oflc-nz.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000049152 _____ (Microsoft) C:\WINDOWS\system32\csrr.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000045056 _____ (Microsoft) C:\WINDOWS\system32\fpb.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000040960 _____ (Microsoft) C:\WINDOWS\system32\esrb.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000040960 _____ (Microsoft) C:\WINDOWS\system32\cero.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000040448 _____ (Microsoft) C:\WINDOWS\SysWOW64\csrr.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000038400 _____ (Microsoft) C:\WINDOWS\SysWOW64\oflc-nz.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000038128 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSSi_GPIO.sys 2023-07-08 12:23 - 2023-07-08 12:23 - 000037888 _____ (Microsoft) C:\WINDOWS\SysWOW64\fpb.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000036864 _____ (Microsoft) C:\WINDOWS\system32\usk.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000036864 _____ (Microsoft) C:\WINDOWS\system32\cob-au.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000036256 _____ C:\WINDOWS\system32\Microsoft.Management.Deployment.winmd 2023-07-08 12:23 - 2023-07-08 12:23 - 000033280 _____ (Microsoft) C:\WINDOWS\SysWOW64\cero.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000030208 _____ (Microsoft) C:\WINDOWS\SysWOW64\esrb.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000028672 _____ (Microsoft) C:\WINDOWS\system32\pegi-pt.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000028672 _____ (Microsoft) C:\WINDOWS\system32\pegi.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000028672 _____ (Microsoft) C:\WINDOWS\system32\grb.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000027648 _____ (Microsoft) C:\WINDOWS\SysWOW64\usk.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000027648 _____ (Microsoft) C:\WINDOWS\SysWOW64\cob-au.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000024576 _____ (Microsoft) C:\WINDOWS\system32\pcbp.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000024576 _____ (Microsoft) C:\WINDOWS\system32\djctq.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000019456 _____ (Microsoft) C:\WINDOWS\SysWOW64\pegi-pt.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000019456 _____ (Microsoft) C:\WINDOWS\SysWOW64\pegi.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000017920 _____ (Microsoft) C:\WINDOWS\SysWOW64\grb.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000014336 _____ (Microsoft) C:\WINDOWS\SysWOW64\djctq.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000013824 _____ (Microsoft) C:\WINDOWS\SysWOW64\pcbp.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000012288 _____ (Microsoft) C:\WINDOWS\system32\WEB.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000011279 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json 2023-07-08 12:23 - 2023-07-08 12:23 - 000010576 _____ C:\WINDOWS\system32\TransformPPSToWlan.xslt 2023-07-08 12:23 - 2023-07-08 12:23 - 000004805 _____ C:\WINDOWS\system32\ResPriUHMImageList 2023-07-08 12:23 - 2023-07-08 12:23 - 000004805 _____ C:\WINDOWS\system32\ResPriLMImageList 2023-07-08 12:23 - 2023-07-08 12:23 - 000004805 _____ C:\WINDOWS\system32\ResPriImageListLowCost 2023-07-08 12:23 - 2023-07-08 12:23 - 000004805 _____ C:\WINDOWS\system32\ResPriImageList 2023-07-08 12:23 - 2023-07-08 12:23 - 000004805 _____ C:\WINDOWS\system32\ResPriHMImageListLowCost 2023-07-08 12:23 - 2023-07-08 12:23 - 000004805 _____ C:\WINDOWS\system32\ResPriHMImageList 2023-07-08 12:23 - 2023-07-08 12:23 - 000004608 _____ (Microsoft) C:\WINDOWS\SysWOW64\WEB.rs 2023-07-08 12:23 - 2023-07-08 12:23 - 000001820 _____ C:\WINDOWS\SysWOW64\rasctrnm.h 2023-07-08 12:23 - 2023-07-08 12:23 - 000001820 _____ C:\WINDOWS\system32\rasctrnm.h 2023-07-08 12:23 - 2023-07-08 12:23 - 000001688 _____ C:\WINDOWS\system32\TransformPPSToWlanCredentials.xslt 2023-07-08 12:23 - 2023-07-08 12:23 - 000000670 ___RH C:\WINDOWS\WindowsShell.Manifest 2023-07-08 12:23 - 2023-07-08 12:23 - 000000146 _____ C:\WINDOWS\system32\UevAppMonitor.exe.config 2023-07-08 12:23 - 2023-07-08 12:23 - 000000112 _____ C:\WINDOWS\SysWOW64\MixedRealityRuntime.json 2023-07-08 12:23 - 2023-07-08 12:23 - 000000112 _____ C:\WINDOWS\system32\MixedRealityRuntime.json 2023-07-08 12:22 - 2023-07-16 14:07 - 078118912 _____ C:\WINDOWS\system32\config\SOFTWARE 2023-07-08 12:22 - 2023-07-16 14:07 - 022806528 _____ C:\WINDOWS\system32\config\SYSTEM 2023-07-08 12:22 - 2023-07-16 14:07 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT 2023-07-08 12:22 - 2023-07-16 14:07 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2023-07-08 12:22 - 2023-07-16 14:07 - 000131072 _____ C:\WINDOWS\system32\config\SAM 2023-07-08 12:22 - 2023-07-16 14:07 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY 2023-07-08 12:22 - 2023-07-13 18:23 - 000000000 ____D C:\WINDOWS\CbsTemp 2023-07-08 12:22 - 2023-07-13 18:22 - 000000000 ____D C:\WINDOWS\servicing 2023-07-08 12:22 - 2023-07-13 18:10 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2023-07-08 12:22 - 2023-07-08 12:39 - 000000000 ____D C:\WINDOWS\system32\SMI 2023-07-01 09:33 - 2023-07-01 09:33 - 000000000 ____D C:\Users\patri\AppData\Local\Comms 2023-06-30 17:25 - 2023-06-30 17:25 - 000000000 ____D C:\Users\patri\AppData\Local\Publishers 2023-06-30 13:59 - 2023-06-30 13:59 - 000000000 ____D C:\Users\patri\AppData\Local\Lenovo 2023-06-30 13:56 - 2023-06-30 13:56 - 000000000 ____D C:\Users\patri\AppData\Local\PlaceholderTileLogoFolder 2023-06-30 13:51 - 2023-07-13 18:02 - 000000000 ____D C:\Users\patri\AppData\Local\Packages 2023-06-30 13:51 - 2023-07-10 20:27 - 000000000 ____D C:\Users\patri\AppData\Local\ConnectedDevicesPlatform 2023-06-30 13:51 - 2023-07-10 20:18 - 000000000 __SHD C:\Users\patri\IntelGraphicsProfiles 2023-06-30 13:51 - 2023-06-30 13:51 - 000000000 ____D C:\Users\patri\AppData\Roaming\Microsoft\Vault 2023-06-30 13:51 - 2023-06-30 13:51 - 000000000 ____D C:\Users\patri\AppData\Roaming\Adobe 2023-06-30 13:51 - 2023-06-30 13:51 - 000000000 ____D C:\Users\patri\AppData\Local\VirtualStore 2023-06-30 13:50 - 2023-07-10 20:26 - 000000000 ___SD C:\Users\patri\AppData\Roaming\Microsoft\Protect 2023-06-30 13:50 - 2023-06-30 13:50 - 000000000 ___SD C:\Users\patri\AppData\Roaming\Microsoft\Credentials 2023-06-30 13:50 - 2023-04-09 16:08 - 000000000 ___RD C:\Users\patri\OneDrive 2023-06-22 16:19 - 2023-06-22 16:19 - 619052932 _____ C:\WINDOWS\MEMORY.DMP 2023-06-16 17:58 - 2023-06-16 17:58 - 000000028 ____H C:\.GamingRoot 2023-06-16 17:58 - 2023-06-16 17:58 - 000000000 ____D C:\XboxGames 2023-06-15 20:55 - 2023-07-13 18:48 - 000000000 ____D C:\WINDOWS\Lenovo 2023-06-13 18:28 - 2023-06-13 18:28 - 000000000 ____D C:\Users\patrick\AppData\Local\Peters_Software_Solutions 2023-06-13 11:01 - 2023-06-13 11:01 - 000435656 _____ C:\Users\patrick\OneDrive\Documents\1677146275-ligne-642-clermont-creil-a-partir-du-270223.pdf 2023-06-09 04:36 - 2023-07-13 18:54 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2023-06-07 14:07 - 2023-06-07 14:39 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2023-06-07 14:07 - 2023-06-07 14:39 - 000000000 ____D C:\Program Files (x86)\Microsoft GameInput 2023-06-07 14:06 - 2023-06-13 14:02 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll 2023-06-07 14:06 - 2023-06-07 14:06 - 000247248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll.0 2023-05-20 16:58 - 2023-05-20 16:58 - 000001526 _____ C:\Users\patrick\Desktop\Raccourci vers Bureau (OneDrive - Personnel).lnk 2023-05-19 17:49 - 2023-07-13 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peters Software Solutions 2023-05-19 17:49 - 2023-05-19 17:49 - 000001230 _____ C:\Users\Public\Desktop\ViVeTool GUI - Feature Scanner.lnk 2023-05-19 17:49 - 2023-05-19 17:49 - 000001155 _____ C:\Users\Public\Desktop\ViVeTool GUI.lnk 2023-05-19 17:49 - 2023-05-19 17:49 - 000000000 ____D C:\Program Files\Peters Software Solutions 2023-05-15 17:34 - 2023-07-13 15:04 - 000000000 ____D C:\Users\patrick\AppData\Local\ElevatedDiagnostics 2023-05-11 20:00 - 2023-05-11 20:19 - 000000000 ____D C:\Users\patrick\AppData\Local\Plex 2023-05-11 20:00 - 2023-05-11 20:00 - 000000000 ____D C:\Users\patrick\AppData\Local\cache 2023-05-11 19:59 - 2023-07-13 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex 2023-05-11 19:58 - 2023-05-11 19:58 - 000000000 ____D C:\Program Files\Plex 2023-05-09 11:05 - 2023-07-13 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio 2023-05-09 11:05 - 2023-05-10 20:34 - 000000000 ____D C:\Users\patrick\AppData\Roaming\obs-studio 2023-05-09 11:05 - 2023-05-09 11:05 - 000001052 _____ C:\Users\Public\Desktop\OBS Studio.lnk 2023-05-09 11:05 - 2023-05-09 11:05 - 000000000 ____D C:\ProgramData\obs-studio-hook 2023-05-09 11:04 - 2023-05-09 11:05 - 000000000 ____D C:\Program Files\obs-studio 2023-05-09 11:02 - 2023-05-09 11:03 - 134090488 _____ (OBS Project) C:\Users\patrick\Downloads\OBS-Studio-29.1-Full-Installer-x64.exe 2023-05-09 09:50 - 2023-05-09 09:50 - 000000000 ____D C:\Users\patrick\AppData\Local\INetHistory 2023-05-08 09:25 - 2023-05-09 09:40 - 000000000 ____D C:\ProgramData\Package Cache 2023-05-08 09:25 - 2023-05-08 09:25 - 000000000 ____D C:\ProgramData\Intel 2023-05-03 11:44 - 2023-05-03 11:44 - 000000017 _____ C:\Users\patrick\AppData\Local\resmon.resmoncfg ==================== Trois mois (modifiés) ================== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2023-07-21 13:48 - 2023-04-14 18:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2023-07-21 13:45 - 2023-04-09 16:09 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2023-07-21 13:45 - 2023-04-09 16:09 - 000000000 __SHD C:\Users\patrick\IntelGraphicsProfiles 2023-07-16 14:07 - 2023-04-09 15:56 - 000012288 ___SH C:\DumpStack.log.tmp 2023-07-16 11:13 - 2023-04-09 16:05 - 000000000 ____D C:\Users\patrick\AppData\Local\D3DSCache 2023-07-16 09:26 - 2023-04-09 15:57 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-07-16 09:26 - 2023-04-09 15:57 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2023-07-14 08:59 - 2023-04-09 16:19 - 000914872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2023-07-13 18:54 - 2023-04-15 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2023-07-13 18:54 - 2023-03-26 09:53 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2023-07-13 18:48 - 2023-04-15 12:12 - 000000000 ____D C:\Program Files\Realtek 2023-07-13 18:48 - 2023-04-09 16:10 - 000000000 ____D C:\Program Files (x86)\Lenovo 2023-07-13 18:48 - 2023-04-09 16:09 - 000000000 ____D C:\Program Files\Intel 2023-07-13 18:47 - 2023-04-09 16:05 - 000000000 ____D C:\Users\patrick\AppData\Local\Packages 2023-07-13 18:30 - 2023-04-09 16:05 - 000000000 __RHD C:\Users\Public\AccountPictures 2023-07-13 18:00 - 2023-04-15 12:12 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2023-07-13 18:00 - 2023-04-09 16:09 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2023-07-13 10:24 - 2023-04-09 15:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2023-07-12 20:39 - 2023-04-14 18:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-07-12 10:50 - 2023-04-09 16:18 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2023-07-12 10:50 - 2023-04-09 16:18 - 000000000 ____D C:\WINDOWS\system32\MRT 2023-07-10 20:27 - 2023-04-09 16:09 - 000000000 ____D C:\Intel 2023-07-03 10:49 - 2023-04-09 16:01 - 000000000 ____D C:\ProgramData\Packages ==================== Fichiers à la racine de certains dossiers ======== 2023-05-03 11:44 - 2023-05-03 11:44 - 000000017 _____ () C:\Users\patrick\AppData\Local\resmon.resmoncfg ==================== SigCheckExt ========================= 2023-06-07 14:06 - 2023-06-13 14:02 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll 2023-07-21 14:08 - 2023-07-21 14:08 - 002384384 _____ (Farbar) C:\Users\patrick\Desktop\FRST64.exe 2023-07-21 13:52 - 2023-07-21 13:52 - 003511456 _____ (Nicolas Coolman) C:\Users\patrick\Desktop\ZHPSuite.exe ==================== SigCheck ============================ (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) ==================== BCD ================================ Gestionnaire de démarrage du microprogramme ------------------------------------------- identificateur {fwbootmgr} displayorder {bootmgr} {9a90f883-d6e5-11ed-84f2-880841743a62} {9a90f881-d6e5-11ed-84f2-880841743a62} {9a90f882-d6e5-11ed-84f2-880841743a62} timeout 0 Gestionnaire de démarrage Windows --------------------------------- identificateur {bootmgr} device partition=\Device\HarddiskVolume1 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale fr-FR inherit {globalsettings} flightsigning Yes default {current} resumeobject {77470482-219d-11ee-a326-ebfabc9a7aa7} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Application logicielle (101fffff) -------------------------------- identificateur {9a90f881-d6e5-11ed-84f2-880841743a62} description EFI USB Device Application logicielle (101fffff) -------------------------------- identificateur {9a90f882-d6e5-11ed-84f2-880841743a62} description EFI DVD/CDROM Application logicielle (101fffff) -------------------------------- identificateur {9a90f883-d6e5-11ed-84f2-880841743a62} description EFI Network Application logicielle (101fffff) -------------------------------- identificateur {9a90f885-d6e5-11ed-84f2-880841743a62} description EFI Network 0 for IPv4 (1C-39-47-15-E6-68) Application logicielle (101fffff) -------------------------------- identificateur {9a90f886-d6e5-11ed-84f2-880841743a62} description EFI Network 0 for IPv6 (1C-39-47-15-E6-68) Installation de Windows ----------------------- identificateur {7254a080-1510-4e85-ac0f-e7fb3d444736} device ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{b75def01-2191-11ee-a8f8-b46d83d401f6} bootstatdevice partition=C: custom:11000083 partition=C: path \windows\system32\winload.efi description Windows Rollback locale fr-FR bootstatfilepath \$WINDOWS.~BT\Sources\SafeOS\bootstat.dat inherit {bootloadersettings} restartonfailure Yes osdevice ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{b75def01-2191-11ee-a8f8-b46d83d401f6} custom:21000152 partition=C: systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Chargeur de démarrage Windows ----------------------------- identificateur {current} device partition=C: path \WINDOWS\system32\winload.efi description Windows 11 locale fr-FR inherit {bootloadersettings} recoverysequence {77470484-219d-11ee-a326-ebfabc9a7aa7} displaymessageoverride Recovery recoveryenabled Yes isolatedcontext Yes flightsigning Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {77470482-219d-11ee-a326-ebfabc9a7aa7} nx OptIn bootmenupolicy Standard Chargeur de démarrage Windows ----------------------------- identificateur {77470484-219d-11ee-a326-ebfabc9a7aa7} device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{77470485-219d-11ee-a326-ebfabc9a7aa7} path \windows\system32\winload.efi description Windows Recovery Environment locale fr-FR inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{77470485-219d-11ee-a326-ebfabc9a7aa7} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Chargeur de démarrage Windows ----------------------------- identificateur {9a90f8bb-d6e5-11ed-84f2-880841743a62} device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{9a90f8bc-d6e5-11ed-84f2-880841743a62} path \windows\system32\winload.efi description Windows Recovery Environment locale fr-FR inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{9a90f8bc-d6e5-11ed-84f2-880841743a62} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Reprendre à partir de la mise en veille prolongée ------------------------------------------------- identificateur {77470482-219d-11ee-a326-ebfabc9a7aa7} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale fr-FR inherit {resumeloadersettings} recoverysequence {77470484-219d-11ee-a326-ebfabc9a7aa7} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: custom:21000026 partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Reprendre à partir de la mise en veille prolongée ------------------------------------------------- identificateur {9a90f8b8-d6e5-11ed-84f2-880841743a62} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale fr-FR inherit {resumeloadersettings} recoverysequence {9a90f8bb-d6e5-11ed-84f2-880841743a62} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: custom:21000026 partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Testeur de mémoire Windows -------------------------- identificateur {memdiag} device partition=\Device\HarddiskVolume1 path \EFI\Microsoft\Boot\memtest.efi description Diagnostics mémoire Windows locale fr-FR inherit {globalsettings} badmemoryaccess Yes Paramètres EMS -------------- identificateur {emssettings} bootems No Paramètres du débogueur ----------------------- identificateur {dbgsettings} debugtype Local Erreurs de mémoire RAM ---------------------- identificateur {badmemory} badmemorylist 0x104310 Paramètres globaux ------------------ identificateur {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Paramètres du chargeur de démarrage ----------------------------------- identificateur {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Paramètres de l'hyperviseur ------------------- identificateur {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Paramètres du chargeur de reprise --------------------------------- identificateur {resumeloadersettings} inherit {globalsettings} Options de périphérique ----------------------- identificateur {77470485-219d-11ee-a326-ebfabc9a7aa7} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume4 ramdisksdipath \Recovery\WindowsRE\boot.sdi Options de périphérique ----------------------- identificateur {9a90f8bc-d6e5-11ed-84f2-880841743a62} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume4 ramdisksdipath \Recovery\WindowsRE\boot.sdi Options de périphérique ----------------------- identificateur {b75def01-2191-11ee-a8f8-b46d83d401f6} description Windows Setup ramdisksdidevice partition=C: ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi ==================== Fin de FRST.txt ========================